Overall Authentication Process

Much of the work required to make your product work with Amazon DevPay involves customer
authentication. You product must integrate with the License Service, which provides your product with a
user token for the specific customer. Your product then includes that user token and the product token
when making a request for the Amazon Simple Storage Service on behalf of that customer. This enables
Amazon to bill the customer for the usage of your product and the Amazon S3 requests the product
makes.

Important

Your DevPay product must create a separate bucket in Amazon S3 for each customer who buys and
uses the product. Each DevPay product can create up to 100 buckets per customer. For example, a
customer who uses three different DevPay products can have up to 300 DevPay buckets, plus any
other buckets created outside of DevPay (i.e., those created with a personal AWS account).

Once your product has created a bucket and put objects in it, only your product can access
that bucket and the objects in it. For more information about restrictions on data access, see
Customer Access Stored Data.

Important

It's your responsibility to design your web product so it can recognize each customer who
returns to your site and retrieve the user token associated with that customer.

The process for customer authentication is described in the following diagram and corresponding
steps.

Overall Process of Authentication for Web Products

The customer signs up for the product by clicking the purchase
URL you received during product registration. When the customer
completes the purchase, AWS generates an activation key for that customer and
makes it available to your server. For more information, see The Activation Key.

Your product sends an authenticated request to the License Service to activate
itself and obtain a user token for the customer. The
request includes the product token for your product and the activation key. For
more information, see The Request for Activation.

Your product appropriately stores the user token it has received. For more
information, see Storage of the User Token. Your product should associate the user
token with the customer who is logged in to your web product.

Later, when the customer uses the product, the product makes an Amazon S3
REST request on behalf of the customer. In the process, the product retrieves and
includes the customer's user token and the product token in the request. For more
information, see Making Amazon S3 REST Calls with Web Products.

Note

Amazon S3 requests that use DevPay must be REST requests or pre-signed
URLs; SOAP requests are not supported for DevPay.

The product token is optional in REST requests if you have the new
version of the user token that ActivateHostedProduct began
returning after May 15, 2008. Pre-signed URLs must include
this new version of the user token and should not include the product
token.